From 66009f23264042e225b9123cfc4f2fc03d8f2ae8 Mon Sep 17 00:00:00 2001
From: happybell80
Date: Mon, 14 Jul 2025 17:13:05 +0900
Subject: [PATCH] Add Gitea Actions workflow for nginx deployment - Create .gitea/workflows/deploy.yml for automated nginx config deployment - Implement local server deployment (no SSH required) - Add automatic backup, validation, and rollback features - Update README.md with Gitea Actions setup instructions - Include sudo permissions configuration guide Features: - Automatic nginx config backup before deployment - Configuration syntax validation - Seamless nginx service reload - Automatic rollback on deployment failure - Old backup cleanup (keeps last 5)
---
.gitea/workflows/deploy.yml | 107 ++++++++++++++++++++++++++++++++++++
README.md | 42 +++++++-------
2 files changed, 130 insertions(+), 19 deletions(-)
create mode 100644 .gitea/workflows/deploy.yml
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..208ae13
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,107 @@
+# Ubuntu 서버 nginx 설정 자동 배포 워크플로우 (Gitea Actions)
+#
+# 성공 조건:
+# - Gitea Actions 활성화
+# - admin 사용자 sudo NOPASSWD 설정 완료
+# - nginx 서비스 실행 중
+#
+# 실패 조건:
+# - sudo 권한 없음
+# - nginx 설정 문법 오류
+# - 시스템 서비스 오류
+#
+# 주요 작업:
+# 1. 소스 코드 체크아웃
+# 2. nginx 설정 백업
+# 3. 새 설정 적용 (/etc/nginx/sites-available/default)
+# 4. nginx 설정 검증 (nginx -t)
+# 5. nginx 서비스 reload
+# 6. 배포 결과 확인
+
+name: Deploy Nginx Config to Ubuntu Server
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout source code
+ uses: actions/checkout@v4
+
+ - name: Backup current nginx config
+ run: |
+ echo "📋 Creating backup of current nginx configuration..."
+ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.backup.$(date +%Y%m%d_%H%M%S)
+ echo "✅ Backup created successfully"
+
+ - name: Validate new nginx configuration
+ run: |
+ echo "🔍 Validating new nginx configuration syntax..."
+ # Create temporary copy to validate
+ sudo cp server-nginx-default /tmp/nginx-test-config
+ sudo nginx -t -c /tmp/nginx-test-config || {
+ echo "❌ New nginx configuration has syntax errors!"
+ exit 1
+ }
+ echo "✅ New configuration syntax is valid"
+
+ - name: Apply new nginx configuration
+ run: |
+ echo "📋 Applying new nginx configuration..."
+ sudo cp server-nginx-default /etc/nginx/sites-available/default
+ echo "✅ Configuration file updated"
+
+ - name: Test nginx configuration
+ run: |
+ echo "🔍 Testing nginx configuration with current setup..."
+ sudo nginx -t
+ echo "✅ Configuration test passed"
+
+ - name: Reload nginx service
+ run: |
+ echo "🔄 Reloading nginx service..."
+ sudo systemctl reload nginx
+ echo "✅ Nginx service reloaded successfully"
+
+ - name: Verify deployment
+ run: |
+ echo "🚀 Verifying deployment status..."
+ # Check nginx service status
+ sudo systemctl is-active nginx || {
+ echo "❌ Nginx service is not running!"
+ # Rollback on failure
+ echo "🔄 Rolling back to previous configuration..."
+ BACKUP_FILE=$(ls -t /etc/nginx/sites-available/default.backup.* 2>/dev/null | head -1)
+ if [ -n "$BACKUP_FILE" ]; then
+ sudo cp "$BACKUP_FILE" /etc/nginx/sites-available/default
+ sudo systemctl reload nginx
+ echo "✅ Rollback completed"
+ fi
+ exit 1
+ }
+
+ # Test HTTP response
+ curl -f -s -I http://localhost:80 > /dev/null || {
+ echo "⚠️ Warning: HTTP response test failed, but nginx is running"
+ }
+
+ echo "✅ Deployment completed successfully!"
+ echo "📊 Deployment Summary:"
+ echo " - Configuration: Applied"
+ echo " - Service: Running"
+ echo " - Status: Success"
+
+ - name: Cleanup old backups
+ run: |
+ echo "🧹 Cleaning up old backup files (keeping last 5)..."
+ cd /etc/nginx/sites-available/
+ sudo ls -t default.backup.* 2>/dev/null | tail -n +6 | sudo xargs rm -f
+ echo "✅ Cleanup completed"
\ No newline at end of file
diff --git a/README.md b/README.md
index 3a75d78..f81c807 100644
--- a/README.md
+++ b/README.md
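Review bot: The `pull_request` trigger under `on:` makes the `deploy` job run for pull requests against main as well as pushes, so a PR's `server-nginx-default` is copied over `/etc/nginx/sites-available/default` with sudo and reloaded before it has been reviewed or merged. Drop the `pull_request:` block, or gate the job with `if: github.event_name == 'push'` and limit PR runs to validation. The rollback in "Verify deployment" runs only when `systemctl is-active nginx` fails; if `sudo nginx -t` fails in "Test nginx configuration", the job stops with the new file already in place, so restoring the newest backup belongs in that step too. The "Validate new nginx configuration" step passes what appears to be a sites-available server-block file to `nginx -t -c`, which expects a complete main configuration, so that check will probably reject every deploy; it also writes to a fixed `/tmp` path as root where a `mktemp` file would be safer. "Cleanup old backups" calls `sudo ls` and `sudo xargs`, which the sudoers line documented in the README (`/usr/bin/cp, /usr/sbin/nginx, /bin/systemctl`) does not permit, and an unrestricted NOPASSWD `cp` is effectively full root, so that rule should be narrowed to the specific source and destination paths.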
@@ -5,37 +5,41 @@ Ubuntu 서버용 Nginx 리버스 프록시 배포 저장소입니다. ## 구조 ``` -nginx-deploy/ -├── .github/workflows/deploy.yml # GitHub Actions 배포 스크립트 +nginx-infra/ +├── .gitea/workflows/deploy.yml # Gitea Actions 배포 스크립트 +├── .github/workflows/deploy.yml # GitHub Actions 배포 스크립트 (legacy) ├── default.conf # Docker nginx 설정 (legacy) ├── server-nginx-default # 서버 nginx 설정 파일 ├── docker-compose.yml # Docker Compose 정의 (cleanup용) └── README.md # 이 파일 ``` -## 배포 플로우 +## 배포 플로우 (Gitea Actions) 1. **main 브랜치에 push** -2. **GitHub Actions** 자동 실행 -3. **파일 전송** (Ubuntu 서버 ~/robeing-nginx) -4. **nginx 설정 적용** (서버 nginx 자동 reload) -5. **Docker 컨테이너 정리** (기존 컨테이너 중지) +2. **Gitea Actions** 자동 실행 (로컬 서버) +3. **nginx 설정 백업** (자동 백업) +4. **설정 검증** (nginx -t) +5. **nginx 설정 적용** (/etc/nginx/sites-available/default) +6. **nginx 서비스 reload** (무중단 적용) +7. **배포 검증** (자동 롤백 포함) ## 서버 설정 -### GitHub Secrets 설정 -``` -NAS_HOST: 124.55.18.179 -NAS_PORT: 51123 -NAS_USER: admin -NAS_SSH_KEY_ADMIN: SSH 개인키 -``` +### Gitea Actions 요구사항 +- Ubuntu 22.04 LTS +- Gitea Actions 활성화 +- admin 사용자 sudo NOPASSWD 권한 +- nginx 서비스 실행 중 -### 서버 요구사항 -- Ubuntu 22.04 LTS -- Nginx 설치 및 SSL 설정 완료 -- admin 사용자 특정 명령어 sudo 권한 (NOPASSWD) -- 포트 80, 443 오픈 +### sudo 권한 설정 +```bash +# /etc/sudoers.d/admin 파일 생성 +sudo visudo -f /etc/sudoers.d/admin + +# 다음 내용 추가: +admin ALL=(ALL) NOPASSWD: /usr/bin/cp, /usr/sbin/nginx, /bin/systemctl +``` ## 프록시 라우팅